Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-48789

AnythingLLM: Windows path containment bypass in document folder route

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Win...

Mintplex-Labs anything-llm < 1.13.0 CVE
MEDIUM 5.5 CVE-2026-44022

Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2....

docling-project docling >= 2.73.0, < 2.91.0 CVE
MEDIUM 4.2 CVE-2026-57307

CVE-2026-57307

A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to con...

Jenkins Project Jenkins Zowe zDevOps Plugin CVE
MEDIUM 4.2 CVE-2026-57306

CVE-2026-57306

A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect t...

Jenkins Project Jenkins Zowe zDevOps Plugin CVE
MEDIUM 5.4 CVE-2026-57305

CVE-2026-57305

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified U...

Jenkins Project Jenkins Assembla Plugin CVE
MEDIUM 5.4 CVE-2026-57304

CVE-2026-57304

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-speci...

Jenkins Project Jenkins Assembla Plugin CVE
MEDIUM 4.3 CVE-2026-57302

CVE-2026-57302

Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed b...

Jenkins Project Jenkins FitNesse Plugin 1.36 CVE
MEDIUM 4.3 CVE-2026-57300

CVE-2026-57300

A missing permission check in Jenkins MCP Server Plugin 0.177.v629fdb_2557fe and earlier allows attackers with Item/Read permission to read the Pip...

Jenkins Project Jenkins MCP Server Plugin 0.172.174.v9f72da_90a_710 CVE
MEDIUM 5.4 CVE-2026-57298

CVE-2026-57298

A cross-site request forgery (CSRF) vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to h...

Jenkins Project Jenkins Contrast Continuous Application Security Plugin CVE
MEDIUM 5.4 CVE-2026-57295

CVE-2026-57295

A cross-site request forgery (CSRF) vulnerability in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a_81c3 and earlier allows attackers to connect to a...

Jenkins Project Jenkins EC2 Fleet Plugin CVE